I may have missed something, but I think you should be able to implement your own KeyStoreManager interface and use it. I suppose the problem is that this is a global parameter, but one should be able to specify one on the SslParameters class maybe. I just had a quick look, so I may be wrong....
On 9/19/07, Rossmanith, Philipp <[EMAIL PROTECTED]> wrote: > Hi, > > For a project, we'd like to provide Web services (servicemix-http) over an > SSL connection that authenticates client certificates against an LDAP server. > > I've been looking at the code, and I see file-based trust- and keystores, > only. > > What I have planned so far is the following: > The JSSE reference guide proposes an implementation of the X509TrustManager > interface in order to customize the SSL-remote-side authentication. > > My idea would be to specify a new algorithm and set that on SslParameters. > Then, in theory, classes using SslParameters should ask a TrustManagerFactory > for the new algorithm - and get my custom implementation. > > My question is: would this be a feasible way of providing the outlined > functionality given the 3.1.1 code as a basis? Is there a more elegant > solution that I am not aware of? And - did I overlook something? > > Thanks in advance for any comments, > Ciao, Philipp > > This e-mail and any attachments may contain confidential or > privileged information. Any unauthorised copying, use or distribution of > this information is strictly prohibited. > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/
